﻿/***************************************************************
 * 开发人员：网魂小兵@http://www.mozlite.com
 * 
 * 目标标本：4.0.30319.239
 * 
 * 最后修改：2011/11/11 17:49:00
 * ************************************************************/
namespace Mozlite.Common
{
    using System;
    using System.Web;
    using System.Linq;
    using System.Text;
    using System.Web.Mvc;
    using System.Collections.Generic;
    using System.Reflection;

    /// <summary>
    /// 权限验证。
    /// </summary>
    public abstract class PermissionAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// 初始化类<see cref="T:Mozlite.Common.PermissionAuthorizeAttribute"/>。
        /// </summary>
        /// <param name="permissionName">权限名称。</param>
        public PermissionAuthorizeAttribute(string permissionName) {
            if (!string.IsNullOrEmpty(permissionName))
            {
                property = PermissionType.GetProperty(permissionName);
                if (property == null)
                {
                    Logs.Error(string.Format("Property name of “{0}” is not found in type “{1}”！", permissionName, PermissionType.FullName), "Permissions", EventID.Permissions);
#if DEBUG
                    throw new Exception(string.Format("Property name of “{0}” is not found in type “{1}”！", permissionName, PermissionType.FullName));
#endif
                }
            }
        }

        private PropertyInfo property;

        /// <summary>
        /// 重写时，提供一个入口点用于进行自定义授权检查。
        /// </summary>
        /// <param name="httpContext">HTTP 上下文，它封装有关单个 HTTP 请求的所有 HTTP 特定的信息。</param>
        /// <returns>如果用户已经过授权，则为 true；否则为 false。</returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            User user = AppContext.Current.User;
            if (user != null)
            {
                if (user.IsGlobalAdministrator)
                    return true;
                if(user.MaxRole.RoleLevel < RoleLevel)
                    return false;
            }
            if (SchemaID != Guid.Empty && property != null)
            {
                try
                {
                    var permission = GetPermission(this.SchemaID, AppContext.Current.User.RoleIDs);
                    return (bool?)property.GetValue(permission, null) == true;
                }
                catch (Exception e)
                {
                    Logs.Error("PermissionAuthorize：", "Permissions", EventID.Permissions, e);
                }
            }
            return base.AuthorizeCore(httpContext);
        }  

        /// <summary>
        /// 角色等级。
        /// </summary>
        protected abstract RoleLevel RoleLevel { get; }

        /// <summary>
        /// 权限方案ID。
        /// </summary>
        protected abstract Guid SchemaID { get; }

        /// <summary>
        /// 获取权限类型。
        /// </summary>
        protected abstract Type PermissionType { get; }

        /// <summary>
        /// 获取权限。
        /// </summary>
        /// <typeparam name="T">权限类型。</typeparam>
        /// <param name="schemaID">权限方案。</param>
        /// <param name="roleIDs">角色ID列表。</param>
        /// <returns>返回权限实例。</returns>
        protected abstract PermissionBase GetPermission(Guid schemaID, List<int> roleIDs);
    }
}